Back to Platform

Privacy Policy

Datenschutzerklärung gemäß DSGVO / GDPR Privacy Notice

1. Data Controller

The controller responsible for data processing on this website is:

Nicolaas Florian van Mourik
Hermann-Hesse-Weg 20
63526 Erlensee, Germany
Email: nvanmourik@icloud.com

2. Overview of Data Processing

This platform provides AI governance assessment tools and collaborative voting features. We process the minimum data necessary to provide these services.

Summary:
  • Assessment data: Stored locally in your browser only
  • Priority Poker sessions: Stored on EU servers for 14 days
  • No tracking or analytics cookies
  • No data sold to third parties

3. Hosting and Infrastructure

This website is hosted by Vercel Inc. When you visit our website, Vercel automatically collects and stores information in server log files that your browser transmits:

  • IP address (anonymized after 24 hours)
  • Date and time of request
  • Browser type and version
  • Operating system
  • Referrer URL

Legal basis: Art. 6(1)(f) GDPR – legitimate interest in stable website operation.
Data location: EU (Frankfurt, Germany)
Processor: Vercel Inc., 340 S Lemon Ave #4133, Walnut, CA 91789, USA
Safeguards: EU Standard Contractual Clauses, Data Processing Agreement

4. AI Governance Assessment Tool

When you complete an assessment, the following data is processed:

  • Organization name (if provided)
  • Assessment answers and scores
  • Assessment type selected

Storage: This data is stored exclusively in your browser's localStorage. It is never transmitted to our servers. You can delete this data at any time by clearing your browser data or using the "Start Over" function in the application.

Legal basis: Art. 6(1)(a) GDPR – your consent through use of the tool.

5. Priority Poker (Collaborative Voting)

When you create or participate in a Priority Poker session, the following data is processed:

  • Session identifier
  • Initiative name/description
  • Participant names or labels (as entered by users)
  • Vote data (dimension scores, confidence levels)
  • Timestamps

Storage: Vercel KV (Redis) hosted in Frankfurt, Germany (EU).
Retention: Sessions are automatically deleted after 14 days.
Legal basis: Art. 6(1)(b) GDPR – necessary for service provision.

Session hosts can request early deletion of their session data by contacting us with the session ID.

6. Email Communications

If you choose to provide your email address (e.g., to receive assessment reports or updates), we process:

  • Email address
  • Communication preferences
  • Date of consent

Legal basis: Art. 6(1)(a) GDPR – explicit consent.
Withdrawal: You can unsubscribe at any time via the link in each email or by contacting us.
Retention: Until consent is withdrawn.

7. Cookies and Local Storage

Cookies: This website uses only strictly necessary cookies required for basic functionality (e.g., Vercel deployment). We do not use tracking or marketing cookies.

localStorage: We use your browser's localStorage to save assessment progress and preferences. This data remains on your device and is not transmitted to us.

Legal basis: Art. 6(1)(f) GDPR – strictly necessary for service functionality.

8. Analytics

We use Vercel Analytics, a privacy-focused analytics service that:

  • Does not use cookies
  • Does not track individual users
  • Collects only aggregated, anonymized data
  • Processes data in the EU

Legal basis: Art. 6(1)(f) GDPR – legitimate interest in understanding website usage.

9. Your Rights

Under the GDPR, you have the following rights:

  • Access (Art. 15) – Request information about your personal data
  • Rectification (Art. 16) – Request correction of inaccurate data
  • Erasure (Art. 17) – Request deletion of your data
  • Restriction (Art. 18) – Request restricted processing
  • Portability (Art. 20) – Receive your data in a portable format
  • Objection (Art. 21) – Object to processing based on legitimate interest
  • Withdraw consent (Art. 7) – Withdraw any given consent at any time

To exercise these rights, contact us at: nvanmourik@icloud.com

10. Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority. The competent supervisory authority for data protection issues is:

Der Hessische Beauftragte für Datenschutz und Informationsfreiheit
Postfach 3163
65021 Wiesbaden, Germany
Website: datenschutz.hessen.de

11. Data Security

We implement appropriate technical and organizational measures to protect your data:

  • TLS/SSL encryption for all data transmission
  • Encrypted data storage
  • Regular security updates
  • Access controls and authentication
  • Automatic data deletion after retention period

12. Changes to This Policy

We may update this privacy policy from time to time. The current version is always available on this page. We recommend reviewing this page periodically.

Last updated: February 2025